From c6e9103e10855fddefb9f25778e3a76a25685ac811a3d445d2ac647ace268bea Mon Sep 17 00:00:00 2001
From: OBS User unknown <null@suse.de>
Date: Fri, 26 Sep 2008 13:07:06 +0000
Subject: [PATCH] OBS-URL:
 https://build.opensuse.org/package/show/openSUSE:Factory/pam?expand=0&rev=17

---
 pam.changes           |  6 ++++++
 pam.spec              |  9 +++++++-
 pam_mail.diff         | 49 +++++++++++++++++++++++++++++++++++++++++++
 pam_tally-fdleak.diff | 37 ++++++++++++++++++++++++++++++++
 4 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 pam_mail.diff
 create mode 100644 pam_tally-fdleak.diff

diff --git a/pam.changes b/pam.changes
index 8d55cb3..569c5f8 100644
--- a/pam.changes
+++ b/pam.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Sep 26 13:44:21 CEST 2008 - kukuk@suse.de
+
+- pam_tally: fix fd leak
+- pam_mail: fix "quiet" option
+
 -------------------------------------------------------------------
 Fri Aug 29 15:17:50 CEST 2008 - kukuk@suse.de
 
diff --git a/pam.spec b/pam.spec
index d631896..b0c7948 100644
--- a/pam.spec
+++ b/pam.spec
@@ -35,7 +35,7 @@ License:        BSD 3-Clause; GPL v2 or later
 Group:          System/Libraries
 AutoReqProv:    on
 Version:        1.0.2
-Release:        1
+Release:        8
 Summary:        A Security Tool that Provides Authentication for Applications
 Obsoletes:      pam-laus
 Source:         Linux-PAM-%{version}.tar.bz2
@@ -55,6 +55,8 @@ Patch3:         pam_sepermit.diff
 Patch4:         pam-1.0.1-namespace-create.patch
 Patch5:         pam-1.0.0-selinux-env-params.patch
 Patch6:         Linux-PAM-docu-generated.diff
+Patch7:         pam_mail.diff
+Patch8:         pam_tally-fdleak.diff
 
 %description
 PAM (Pluggable Authentication Modules) is a system security tool that
@@ -103,6 +105,8 @@ building both PAM-aware applications and modules for use with PAM.
 %patch4 -p1
 %patch5 -p0
 %patch6 -p1
+%patch7 -p0
+%patch8 -p0
 
 %build
 CFLAGS="$RPM_OPT_FLAGS" \
@@ -304,6 +308,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_libdir}/libpam_misc.so
 
 %changelog
+* Fri Sep 26 2008 kukuk@suse.de
+- pam_tally: fix fd leak
+- pam_mail: fix "quiet" option
 * Fri Aug 29 2008 kukuk@suse.de
 - Update to version 1.0.2 (fix SELinux regression)
 - enhance pam_tally [FATE#303753]
diff --git a/pam_mail.diff b/pam_mail.diff
new file mode 100644
index 0000000..abeb915
--- /dev/null
+++ b/pam_mail.diff
@@ -0,0 +1,49 @@
+2008-09-25  Thorsten Kukuk  <kukuk@thkukuk.de>
+
+	* modules/pam_mail/pam_mail.c (report_mail): Fix logic of
+	"quiet" option (Patch from Andreas Henriksson <andreas@fatal.se>)
+
+	* modules/pam_mail/pam_mail.8.xml: Fix typo.
+
+diff -u -r1.5 pam_mail.8.xml
+--- modules/pam_mail/pam_mail.8.xml	18 Aug 2008 13:29:24 -0000	1.5
++++ modules/pam_mail/pam_mail.8.xml	25 Sep 2008 11:51:29 -0000
+@@ -40,7 +40,7 @@
+ 	nopen
+       </arg>
+       <arg choice="opt">
+-	quit
++	quiet
+       </arg>
+       <arg choice="opt">
+ 	standard
+--- modules/pam_mail/pam_mail.c	30 Apr 2007 10:56:24 -0000	1.19
++++ modules/pam_mail/pam_mail.c	25 Sep 2008 11:51:29 -0000
+@@ -303,8 +303,13 @@
+ {
+     int retval;
+ 
+-    if (!(ctrl & PAM_MAIL_SILENT) ||
+-	((ctrl & PAM_QUIET_MAIL) && type == HAVE_NEW_MAIL))
++    if ((ctrl & PAM_MAIL_SILENT) ||
++	((ctrl & PAM_QUIET_MAIL) && type != HAVE_NEW_MAIL))
++      {
++	D(("keeping quiet"));
++	retval = PAM_SUCCESS;
++      }
++    else
+       {
+ 	if (ctrl & PAM_STANDARD_MAIL)
+ 	  switch (type)
+@@ -345,11 +350,6 @@
+ 	      break;
+ 	    }
+       }
+-    else
+-      {
+-	D(("keeping quiet"));
+-	retval = PAM_SUCCESS;
+-      }
+ 
+     D(("returning %s", pam_strerror(pamh, retval)));
+     return retval;
diff --git a/pam_tally-fdleak.diff b/pam_tally-fdleak.diff
new file mode 100644
index 0000000..153256d
--- /dev/null
+++ b/pam_tally-fdleak.diff
@@ -0,0 +1,37 @@
+2008-09-25  Tomas Mraz <t8m@centrum.cz>
+
+        * modules/pam_tally/pam_tally.c(get_tally): Fix syslog message.
+        (tally_check): Open faillog read only. Close file descriptor.
+        Fix typos in messages.
+
+--- modules/pam_tally/pam_tally.c	9 Jul 2008 12:23:23 -0000	1.30
++++ modules/pam_tally/pam_tally.c	19 Sep 2008 12:29:21 -0000
+@@ -350,7 +350,7 @@ get_tally(pam_handle_t *pamh, tally_t *t
+     }
+ 
+     if ( ! ( *TALLY = fopen(filename,(*tally!=TALLY_HI)?"r+":"r") ) ) {
+-      pam_syslog(pamh, LOG_ALERT, "Error opening %s for update", filename);
++      pam_syslog(pamh, LOG_ALERT, "Error opening %s for %s", filename, *tally!=TALLY_HI?"update":"read");
+ 
+ /* Discovering why account service fails: e/uid are target user.
+  *
+@@ -504,7 +504,7 @@ tally_check (time_t oldtime, pam_handle_
+   tally_t
+     deny          = opts->deny;
+   tally_t
+-    tally         = 0;  /* !TALLY_HI --> Log opened for update */
++    tally         = TALLY_HI;
+   long
+     lock_time     = opts->lock_time;
+ 
+@@ -515,6 +515,10 @@ tally_check (time_t oldtime, pam_handle_
+     i=get_tally(pamh, &tally, uid, opts->filename, &TALLY, fsp);
+     if ( i != PAM_SUCCESS ) { RETURN_ERROR( i ); }
+ 
++    if ( TALLY != NULL ) {
++      fclose(TALLY);
++    }
++
+     if ( !(opts->ctrl & OPT_MAGIC_ROOT) || getuid() ) {       /* magic_root skips tally check */
+ 
+       /* To deny or not to deny; that is the question */